Majority of comment spam posted by same culprits, firm finds

Imperva found that just 17 percent of comment spammers were behind the majority of the spurious messages.

A security firm found that the majority of comment spam – messages left on sites to carry out fraudulent advertising or spread malware – is created by a small number of saboteurs.

A report released Monday, called “Anatomy of Comment Spam” (PDF), delved into the growing problem, which can negatively impact firms' reputations as well as user security.

Imperva, which published the report, found that just 17 percent of comment spam offenders posted the majority of these spurious messages. The firm tracked comment spam activity on more than 60 applications, over a two-week period in September, before spotting the trend.

Through its investigations, Imperva also found that the malicious activity sometimes escalated after companies stepped in to mitigate.

“The comment spam issue has become so prevalent that organizations are fighting back, by implementing mitigation services,” the report said. “Interestingly, there have been incidents of spammers fighting anti-spammers in an attempt to shut down those mitigation services, and many of those counter attacks have been successful.”

Barry Shteiman, Imperva's director of security strategy, told SCMagazine.com in an interview that distributed denial-of-service (DDoS) attacks, or even an increase in comment spam directed at websites' comment sections, often occurred as “counter attacks.”

“One of the unfortunate things that is happening, is if that attack doesn't work, the attacker becomes frustrated and uses DDoS [against enterprises],” Shteiman said.

As companies become more aware of this money-generating tactic by scammers, they've strengthened their website applications to prevent spam, he added.

“But sometimes that's not enough, because the tools are advanced enough to bypass it,” Shteiman said of firms' countermeasures. “For instance, there are services that [complete] CAPTCHA forms for you.”

Attackers often employ free or crowdsourced tools to bypass verification methods, like CAPTCHA, that help weed out automated, or spam, comments from those of legitimate users, he explained.